https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/139/havex-targets-industrial-control-systems
Remote Access via HAVEX
The attack relied on a remote access Trojan (RAT). This malware collects information and uploads the stolen data to its command-and-control (C&C) servers. It collects the infected machine's OS version, the computer name, the logged-in user, and a list of files and directories.
This Trojan can download and execute component files. These component files are capable of enumerating all connected network resources, such as computers or shared resources. They use the Distributed Component Object Model (DCOM) to connect to OPC servers within the network and enumerate those servers to gather information such as the CLSID, UserType, Program ID, version support, server bandwidth, and server state.
Both the Trojan and the component files are detected as BKDR_HAVEX.A.
Also, link to Koala.
https://www.wired.com/story/russian-hacking-teams-infrastructure/
The prime candidate among Russia's array of hacker teams is a group of cyberspies most widely identified as Energetic Bear, but also known by names including DragonFly, Koala, and Iron Liberty. First spotted by the security firm CrowdStrike in 2014,